source source.rc
source custom.rc
#######################################
# Print the usage text: the invocation form followed by one line per
# supported phase number.
# Outputs: usage text on stdout
#######################################
printhelp() {
  # One printf call emits every line; each argument becomes its own line.
  printf '%s\n' \
    "run.sh /phase/" \
    "" \
    "phase parameter:" \
    " 0 - generate keys" \
    " 1 - generate allkeys" \
    " 2 - finalize" \
    " 3 - generate self-signed keys and CSR" \
    " 4 - distribute certificates"
}
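#######################################
# Copy one local file into the staging directory on a remote host.
# Globals:   EXCATALOG (read) - staging directory on the remote host
# Arguments: $1 - remote host
#            $2 - file name, relative to the current directory
# Returns:   0 when scp succeeds; on failure control is handed to
#            logfail (defined outside this file - presumably it logs
#            and aborts; confirm).
#######################################
copyremote() {
  local -r host=$1
  local -r script=$2

  log "copy $script to $host"
  # Every expansion is quoted and option parsing is ended with "--":
  # callers pass host values read from hosts.txt, and an entry with
  # whitespace or a leading "-" must not be split into extra words or
  # be interpreted as an scp option.
  if ! scp -- "$script" "$host:$EXCATALOG/$script"; then
    logfail "Failed while copying to remote host"
  fi
}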
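#######################################
# Stage a script on every host listed in hosts.txt and execute it there.
# For each host: create the staging directory, copy custom.rc, source.rc
# and the script into it, then run the script from that directory.
# Globals:   EXCATALOG (read) - staging directory on the remote host
# Arguments: $1 - script to copy and run
#            $2 - optional argument passed to the remote script
# Inputs:    hosts.txt in the current directory, one host per line;
#            blank lines are skipped.
#######################################
runcommand() {
  local -r script=$1
  local -r script_arg=${2:-}
  local host

  # "|| [ -n ... ]" keeps the last host when hosts.txt has no trailing
  # newline.
  while read -r host || [ -n "$host" ]; do
    [ -z "$host" ] && continue
    echo "copy scripts to remote $host"
    # "--" and quoting: a hosts.txt entry must never be parsed as an ssh
    # option or split into several words. -n keeps ssh from consuming
    # the rest of hosts.txt on stdin.
    if ! ssh -n -- "$host" mkdir -p "$EXCATALOG"; then
      logfail "Cannot create remote catalog $EXCATALOG"
    fi
    copyremote "$host" custom.rc
    copyremote "$host" source.rc
    copyremote "$host" "$script"
    # The command string is re-parsed by the remote shell, so EXCATALOG,
    # the script name and its argument must stay script-controlled
    # constants. "&&" stops the script from running in the wrong
    # directory when cd fails.
    # NOTE(review): the remote script's exit status is not checked, so a
    # failure on one host does not stop the loop - confirm this is
    # intended.
    ssh -n -- "$host" "cd $EXCATALOG && ./$script $script_arg"
    echo "$PWD"
  done <hosts.txt
}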
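#######################################
# Recreate the local key directory and pull <host>.cert from every host
# listed in hosts.txt into it.
# Globals:   KEYS (read) - local directory, wiped and recreated
#            SERVER_KEY_LOCATION (read) - remote directory with the file
# Inputs:    hosts.txt in the current directory, one host per line;
#            blank lines are skipped.
# NOTE(review): this file assigns KEYSDIR at top level but this function
# reads KEYS; KEYS is presumably provided by source.rc or custom.rc -
# confirm the two names are not meant to be the same variable.
#######################################
collectallkeys() {
  local host

  # ${KEYS:?} aborts with a message when KEYS is unset or empty instead
  # of running rm/mkdir/scp with a missing argument.
  rm -rf -- "${KEYS:?KEYS is not set}"
  mkdir -p -- "$KEYS"
  log "Collects certificate from all hosts"
  while read -r host || [ -n "$host" ]; do
    [ -z "$host" ] && continue
    # Quoted, with "--": a hosts.txt entry must not be split into extra
    # words or parsed as an scp option.
    if ! scp -- "$host:$SERVER_KEY_LOCATION/$host.cert" "$KEYS"; then
      logfail "Cannot copy back certificate from remote location $host"
    fi
  done <hosts.txt
}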
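#######################################
# Recreate the local CSR directory and pull <host>.csr from every host
# listed in hosts.txt into it.
# Globals:   CSRDIR (read) - local directory, wiped and recreated
#            SERVER_KEY_LOCATION (read) - remote directory with the file
# Inputs:    hosts.txt in the current directory, one host per line;
#            blank lines are skipped.
#######################################
collectallcsr() {
  local host

  # ${CSRDIR:?} aborts when the variable is unset or empty rather than
  # letting rm -rf run on an unintended path.
  rm -rf -- "${CSRDIR:?CSRDIR is not set}"
  mkdir -p -- "$CSRDIR"
  # The original message expanded the misspelled name CRSDIR, which is
  # never assigned in this file, so the directory was missing from the
  # log line.
  log "Collect all CSR requests into $CSRDIR"
  while read -r host || [ -n "$host" ]; do
    [ -z "$host" ] && continue
    # Quoted, with "--": a hosts.txt entry must not be split into extra
    # words or parsed as an scp option.
    if ! scp -- "$host:$SERVER_KEY_LOCATION/$host.csr" "$CSRDIR"; then
      logfail "Cannot copy back CSR from host $host"
    fi
  done <hosts.txt
}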
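#######################################
# Push each host's certificate file from the local certificate directory
# to that host. The file name is the host name followed by CACERT_APP.
# Globals:   CERTDIR (read) - local directory holding the certificates
#            CACERT_APP (read) - suffix appended to the host name
#              (assigned outside this file)
#            SERVER_KEY_LOCATION (read) - destination directory on the host
# Inputs:    hosts.txt in the current directory, one host per line;
#            blank lines are skipped.
#######################################
distributecerts() {
  # cert_name is local so the per-host file name does not leak into the
  # global scope between iterations or after the function returns.
  local host cert_name

  while read -r host || [ -n "$host" ]; do
    [ -z "$host" ] && continue
    cert_name=$host$CACERT_APP
    # Quoted, with "--": a hosts.txt entry must not be split into extra
    # words or parsed as an scp option.
    if ! scp -- "$CERTDIR/$cert_name" "$host:$SERVER_KEY_LOCATION/$cert_name"; then
      logfail "Cannot copy certificate to $host $SERVER_KEY_LOCATION/$cert_name"
    fi
  done <hosts.txt
}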
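# Phase selector: the first command-line argument (empty when omitted).
PAR=${1:-}
# Staging directory created on each remote host; a relative path, so it
# is resolved on the remote side.
EXCATALOG=re
# Local working directories.
# NOTE(review): KEYSDIR is assigned here but collectallkeys reads KEYS -
# confirm which name is intended.
KEYSDIR=keys
CSRDIR=csrs
CERTDIR=certs

# Dispatch on the requested phase. The meaning of the numeric argument
# passed to genkeys.sh is defined by that script, not here.
case "$PAR" in
  0)
    echo "$PAR - generate keys on all hosts"
    runcommand genkeys.sh 0
    ;;
  1)
    echo "$PAR - generate allkeys store"
    collectallkeys
    ./allkeys.sh
    ;;
  2)
    echo "$PAR - finalize"
    runcommand finalize.sh
    ;;
  3)
    echo "$PAR generate self-signed and CSR"
    runcommand genkeys.sh 1
    collectallcsr
    ;;
  4)
    echo "$PAR distribute and import generated certificates"
    distributecerts
    runcommand importcacert.sh
    runcommand genkeys.sh 2
    ;;
  *)
    echo "Incorrect parameter"
    printhelp
    # Exit non-zero so wrappers and automation can tell a rejected phase
    # from a completed one.
    exit 2
    ;;
esac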